[OpenAFS-devel] AFS Authentication through LDAP

Nathan Neulinger nneul@umr.edu
Sat, 22 Dec 2001 09:09:27 -0600


Probably the easiest way to do this would be something along the lines
of gssklog. 

Check the list archives for details, I don't remember who posted it (I
think Engert, but I'm not positive). Basically it used another mechanism
to get the afs token, but still generated an AFS token that the AFS code
used. You could probably rig something similar with ldap. 

-- Nathan

Jim Doyle wrote:
> 
> > Does anyone know if LDAP authentication exists for (Open)AFS?  The goal
> > would be for AFS to issue tokens based on LDAP server authentication.
> 
> I know of no such solution.
> 
> Two things would be needed:
> 
> 1. Kaserver or the Kerberos 5 KDC would need to be modified to retrieve
>    principal and private key data from LDAP instead of their own private
>    Berkeley DB style backends.
> 
> 2. PTServer interfaces would have to be grafted to LDAP lookups.
> 
> Further, the PTServer APIs are deeply connected to the fileserver,
> particularly the semantics of transactional updates -- this will make the
> LDAP integration tough since I believe the LDAP protocol provides no
> support for transactions..
> 
> Still, it would be great to unify things..
> 
> I'm sure someone else will come along and say "Can we not use LDAP and
> instead retrieve principal and group list data from XML Schema using
> blah blah blah backend".
> 
> -- Jim
> 

-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216